Which statement best describes CodeQL in Code Scanning?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Which statement best describes CodeQL in Code Scanning?

Explanation:
CodeQL in Code Scanning is a framework that lets you write queries to analyze code for vulnerabilities. It works by modeling your code as data in a database and providing a specialized query language to express patterns that indicate security issues, such as unsafe API usage or problematic data flows. In practice, you can run CodeQL queries against your repository to surface alerts that point to exact locations in the code where potential problems exist, often during CI or in GitHub’s scanning results.

This isn’t a package manager, so it doesn’t manage dependencies. It isn’t a CI runner, which is the system that executes your CI workflows. And it isn’t a code formatter, which adjusts code style and formatting. CodeQL is specifically about semantic code analysis: defining and running queries to detect vulnerabilities and other quality issues in code.
